Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tony Chebli.

Published byJosé Ángel Saavedra Romero Modified over 6 years ago

Similar presentations

Presentation on theme: "Tony Chebli."— Presentation transcript:

1 Tony Chebli

2 The Bottom Line “INFORMATION is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably PROTECTED” “…...Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected” ISO

3 Our Objectives

4 The Ugly Truth “The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it.” Gene Spafford- Director, Computer operations, audit and Security Technology (COAST)-Purdue University

5 Absence of Framework or Standards
No clear direction for Management intentions toward information security Lack of Management support Lack of staff focus Ad-hoc protection Under protection Over protection Undetermined of security level

6 Framework/Standards Advantages
Confidence Competitive Edge Enforced regulations Gain new customers Focused staff responsibilities Survival IMAGE Profitability $

7 ISO 27001 ISO is a process to develop and implement an information security management system (ISMS) ISO is the only auditing specification for information security management systems ISO is a management tool…! To manage problems with an: information security management system (ISMS) The objective of the standard is to "provide requirements for establishing, implementing, maintaining and continuously improving an Information Security Management System (ISMS)".

8 ISO 27001 100+ Controls- Annex A

9 PCI-DSS The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise.

10 PCI-DSS Requirements 300+ Controls

11

Download ppt "Tony Chebli."

Similar presentations

Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,

Session 4: Data Privacy and Fraud Moderator: Bill Houck, Director, Risk Management, UATP Panelist: Peter Warner, EVP, Retail Decisions Cherie Lauretta,
ISACA January 8, 2013. IT Auditor at Cintas Corporation Internal Audit Department Internal Security Assessor (ISA) Certification September 2010 Annual.

ISACA January 8, IT Auditor at Cintas Corporation Internal Audit Department Internal Security Assessor (ISA) Certification September 2010 Annual.
National Bank of Dominica Ltd. 2011 Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.

National Bank of Dominica Ltd Merchant Seminar Facilitator: Janiere Frank Fraud & Compliance Analyst June 16, 2011.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
The Regulation Zoo: Dealing With Compliance Within The Firewall World

The Regulation Zoo: Dealing With Compliance Within The Firewall World
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Governance Risk and Compliance It’s Time to Talk About Control.

Governance Risk and Compliance It’s Time to Talk About Control.
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.

100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.
Why Comply with PCI Security Standards?

Why Comply with PCI Security Standards?
PCI 3.0 Boot Camp Payment Card Industry Data Security Standards 3.0.

PCI 3.0 Boot Camp Payment Card Industry Data Security Standards 3.0.
An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits.

An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits.
No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+

No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+
General Awareness Training

General Awareness Training
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
Identity Protection (Red Flag/PCI Compliance/SSN Remediation) SACUBO Fall Workshop Savannah, GA November 3, 2009.

Identity Protection (Red Flag/PCI Compliance/SSN Remediation) SACUBO Fall Workshop Savannah, GA November 3, 2009.
GRC - Governance, Risk MANAGEMENT, and Compliance

GRC - Governance, Risk MANAGEMENT, and Compliance
Günter Griesmayr 29. April 2010

Günter Griesmayr 29. April 2010
SV: 011510 IS PATIENT BILLING A LOSING PROPOSITION FOR BILLING COMPANIES, TOO MANY PATIENTS, TOO MANY NO PAY.

SV: IS PATIENT BILLING A LOSING PROPOSITION FOR BILLING COMPANIES, TOO MANY PATIENTS, TOO MANY NO PAY.

Similar presentations

Ads by Google